Re: [dnsext] Obsoleting SPF RRTYPE

Phillip Hallam-Baker <hallam@gmail.com> Fri, 03 May 2013 11:40 UTC

Responding to multiple arguments in the thread.

1) The majority of participants in the SPF group never intended to
transition to the SPF record. It was only ever proposed to get the spec
past IETF last call over objections from DNSEXT. I can't see anything has
changed since.

The DNSEXT participants did not exactly help their cause by telling
everyone that the Microsoft DNS server supported unknown record types long
after Microsoft had denied that it did and showed the source code to prove
that the server could not save or read unknown record types.

2) The issues involved in SPF, DKIM and DANE are different. DANE has a
dependency on DNSSEC and thus a requirement for new RR type support; DKIM
and SPF do not. DKIM did not require wildcard records (for signing mail at
least) and so use of prefix records was practical. SPF required wildcard
support because of its function and required that it did not have a DNSSEC
dependency.

3) +1 to Paul Hoffman on the not answering the question point. DNSSEC would
have deployed ten years ago with the ATLAS rollout had this WG accepted one
simple change to the specification for the sake of deployment. Not that the
fault is entirely in the WG; the chair and the AD bear most of the blame as
did the IESG for allowing an AD in one area to chair a WG in another.

4) SPF existed and had a significant deployed base before the WG was
started. The most that the WG could have done was to have persuaded some
users of SPF to use the new record instead of TXT. Ending use of the TXT
record was never an achievable goal and that is the only outcome that would
have had any value.


But anyway, what is done is done.

If people think that there is a value to TXT-record-like things and that
the new RR mechanism works then why not address the problem of SPF
polluting the TXT namespace (which I never liked) by creating a new TXT
record or so?